7 matches found
CVE-2026-25315
Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects hCaptcha for WP: from n/a through = 4.21.1...
CVE-2026-25315
CVE-2026-25315 describes a Missing Authorization vulnerability in the WordPress plugin hCaptcha for WP – hcaptcha-for-forms-and-more, due to incorrectly configured access control. Affected versions are reported as from n/a through 4.21.1 (per CVE/NVD) with CVSSv3.1 base score 5.3 (MEDIUM), reflec...
CVE-2026-25315 WordPress hCaptcha for WP plugin <= 4.21.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects hCaptcha for WP: from n/a through = 4.21.1...
CVE-2026-25315
Improperly implemented security check vulnerability in KAGG hCaptcha for WP allows CAPTCHA Functionality Bypass.This issue affects hCaptcha for WP: from n/a through 4.21.1. The vulnerability is limited to the CAPTCHA mechanism intended to protect a publicly accessible form from automated abuse. I...
CVE-2024-4014
The hCaptcha for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf7-hcaptcha shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress hCaptcha plugin <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via cf7-hcaptcha Shortcode vulnerability discovered by haidv35 in WordPress Plugin hCaptcha for WP versions = 4.0.0...
WordPress hCaptcha Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS)
Software hCaptcha Type Plugin Vulnerable versions = 4.0.0 Fixed in 4.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4014 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3903916f995b Credits haidv35 Required privilege...